Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153787.roa
File:                     AS153787.roa (raw, json)
Hash identifier:          zYWxxV0SurofaYiDGhKDm4K7UMRqhragQNZGyU1aBLo=
Subject key identifier:   A3:2B:D2:4A:4B:0C:BE:EE:1C:9B:E9:BE:61:79:54:E3:D1:96:32:71
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5514F3012F8D0E84037E1CA63A30A5D773E5E1BB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153787.roa
Signing time:             Thu 29 May 2025 18:27:33 +0000
ROA not before:           Thu 29 May 2025 18:22:33 +0000
ROA not after:            Thu 28 May 2026 18:27:33 +0000
asID:                     153787
IP address blocks:        2a13:9500:71::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:14:f3:01:2f:8d:0e:84:03:7e:1c:a6:3a:30:a5:d7:73:e5:e1:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 29 18:22:33 2025 GMT
            Not After : May 28 18:27:33 2026 GMT
        Subject: CN=A32BD24A4B0CBEEE1C9BE9BE617954E3D1963271
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4e:fe:a5:51:77:04:8b:f7:52:96:cb:aa:8c:
                    89:16:88:a7:78:76:ba:0c:fc:48:fd:40:b6:0f:38:
                    e0:96:f9:3f:f5:81:b6:17:70:9a:1e:ba:e4:51:5d:
                    5e:34:b7:49:29:b9:56:d8:4e:fa:22:e7:db:b9:88:
                    0f:a1:db:dd:f8:48:27:5e:02:51:6c:8e:6c:89:b1:
                    41:94:5d:4b:98:f7:16:ee:78:b3:7e:36:e4:4d:4d:
                    52:0c:7b:04:c2:fc:c0:6d:fd:e3:dc:be:59:73:3a:
                    90:71:3d:37:6b:e4:1e:34:b8:f0:31:94:2a:10:c5:
                    20:b7:74:f9:f1:60:67:6b:57:a5:a3:94:18:f4:64:
                    82:65:d0:9d:2c:4b:ec:e0:39:09:22:3c:52:96:1d:
                    f5:a2:2f:14:f0:0d:40:84:7d:2e:7f:fe:4f:62:d5:
                    b0:19:33:da:9f:e9:9e:68:d9:76:0a:59:7e:52:2e:
                    25:73:96:f1:02:40:48:37:07:67:3f:ea:3b:f8:c8:
                    8c:a4:a6:61:8b:48:0d:10:7a:68:90:63:39:89:c1:
                    78:ae:2c:49:88:cb:3f:34:10:ec:95:ec:27:ae:f8:
                    eb:7b:4a:66:26:0d:8a:e0:e4:32:08:db:e6:5e:eb:
                    3c:a9:87:3d:a4:6a:f8:78:86:8e:74:bc:e4:e5:d2:
                    05:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:2B:D2:4A:4B:0C:BE:EE:1C:9B:E9:BE:61:79:54:E3:D1:96:32:71
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153787.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:71::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:78:96:4c:15:74:14:1a:05:85:b6:34:85:07:b7:2f:a7:bb:
         09:91:48:a0:0f:1c:bd:cc:28:81:5c:14:3e:e3:cf:0b:0c:59:
         17:d3:96:1f:29:6c:d4:9f:32:a2:54:3e:05:49:64:d6:42:db:
         99:a8:24:00:ed:b6:16:e0:5f:71:6d:26:81:b3:52:09:9b:f5:
         cd:d5:0c:cd:fc:70:96:68:02:26:3f:b3:ea:4b:c3:ac:06:78:
         aa:22:a4:19:90:02:d1:67:b2:34:6b:74:e6:ac:db:20:02:44:
         16:a8:00:4a:aa:bc:e7:ed:98:56:0f:55:9c:34:9e:52:69:27:
         c5:b0:5a:30:ca:3f:fd:32:70:a7:28:21:ae:b7:35:03:20:f4:
         96:e3:76:92:86:1e:6c:e2:89:8a:53:3a:f6:6e:b9:cd:fa:cb:
         3c:1e:4f:b0:c7:de:4d:c8:e6:c1:b0:5f:c7:54:4e:c5:65:58:
         0b:d2:74:f1:52:03:2d:a7:6e:af:8d:89:57:67:85:14:1d:a2:
         9c:2d:be:3b:5d:2d:bb:c1:5a:e5:69:73:79:e3:3c:10:28:b5:
         08:4d:50:9b:54:e0:b7:00:9e:7b:b1:c7:2c:83:76:b5:a4:56:
         8f:5c:af:7c:7c:de:c0:90:a3:43:67:c2:a3:90:e6:e9:2a:2d:
         7b:c1:fa:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUVRTzAS+NDoQDfhymOjCl13Pl4bswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjkxODIyMzNaFw0yNjA1MjgxODI3MzNaMDMxMTAvBgNV
BAMTKEEzMkJEMjRBNEIwQ0JFRUUxQzlCRTlCRTYxNzk1NEUzRDE5NjMyNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjTv6lUXcEi/dSlsuqjIkWiKd4
droM/Ej9QLYPOOCW+T/1gbYXcJoeuuRRXV40t0kpuVbYTvoi59u5iA+h2934SCde
AlFsjmyJsUGUXUuY9xbueLN+NuRNTVIMewTC/MBt/ePcvllzOpBxPTdr5B40uPAx
lCoQxSC3dPnxYGdrV6WjlBj0ZIJl0J0sS+zgOQkiPFKWHfWiLxTwDUCEfS5//k9i
1bAZM9qf6Z5o2XYKWX5SLiVzlvECQEg3B2c/6jv4yIykpmGLSA0QemiQYzmJwXiu
LEmIyz80EOyV7Ceu+Ot7SmYmDYrg5DII2+Ze6zyphz2kavh4ho50vOTl0gVjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUoyvSSksMvu4cm+m+YXlU49GWMnEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUzNzg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABxMA0GCSqGSIb3DQEBCwUAA4IBAQCQeJZMFXQUGgWFtjSFB7cvp7sJkUigDxy9
zCiBXBQ+488LDFkX05YfKWzUnzKiVD4FSWTWQtuZqCQA7bYW4F9xbSaBs1IJm/XN
1QzN/HCWaAImP7PqS8OsBniqIqQZkALRZ7I0a3TmrNsgAkQWqABKqrzn7ZhWD1Wc
NJ5SaSfFsFowyj/9MnCnKCGutzUDIPSW43aShh5s4omKUzr2brnN+ss8Hk+wx95N
yObBsF/HVE7FZVgL0nTxUgMtp26vjYlXZ4UUHaKcLb47XS27wVrlaXN54zwQKLUI
TVCbVOC3AJ57sccsg3a1pFaPXK98fN7AkKNDZ8KjkObpKi17wfox
-----END CERTIFICATE-----